Employers are vetting out applicants online. The new adage is “Google them.” Some employers are stepping over the line of a simple web search to asking for an applicant’s password to social networking sites such as Facebook, Twitter, and Myspace. This may seem like prudent vetting practice, but in fact it’s more troublesome and legally dangerous than it is worth.
After an uproar over privacy laws on the Internet, a Montana city government retracted their policy of asking for applicants’ private passwords for social networking sites. Personally, I think Montana was fortunate it was an uproar on the internet and not an EEOC lawsuit that caused them to rethink their policy. Collecting a mere applicant’s or even an employee’s privacy credentials is not only legally dangerous, but unnecessary.
Let’s think through the logic of this. Say an employer, “BigCompany,” wants to vet potential 17-year-old intern, “Sarah Genius;” they want to ensure she conducts herself in a manner that is becoming to BigCompany. BigCompany’s Human Resources staff, namely low-on-the-totem-pole tech “Pete BadApple,” conducts a simple web search and views what the public can see online about her.
Pete BadApple fancies himself an expert internet searcher. He finds every group Sarah Genius had ever briefly been a member of, every update she posted on MySpace, and every forum she ever lurked on. This is all just public information. Pete BadApple makes a note that Sarah Genius suffers from diabetes and kidney problems (information he assumes based on her group memberships). Pete BadApple uses Sarah’s passwords to log in as Sarah on Facebook. He concludes that Sarah is African-American, based on her family and friend connections. Pete BadApple had met Sarah Genius during the interview process (and found her to be quite cute, actually), and this information is jarring to him.
Still, Pete BadApple continues on, looking through Sarah Genius’s friend lists. Lo and behold, Pete finds that Sarah is a cousin of Huge MovieStar. Huge MovieStar has a private profile and is connected only to friends and family that also have private profiles. They are a tight-knit group and protect Huge MovieStar’s privacy fiercely. Well, Pete BadApple is logged in as Huge MovieStar’s cousin, Sarah Genius, so Pete can thumb through Huge MovieStar’s updates. He finds that Huge MovieStar, who is all over the headlines for being tapped to star as the Next Indiana Spider-Terminator, was newly diagnosed with Leukemia. The headlines have no idea about this, and the movie studio would certainly withdraw the offer if they knew. Pete BadApple is a little short on cash this month, so he calls and sells the story to a tabloid, sending screen shots as proof. Pete BadApple finishes his vetting process of Sarah Genius and emails his report to his boss, and then forwards a copy to his friend, adding pictures of Sarah Genius in a topless bikini, captioning the pictures with “Can you believe this chick is Black? She’s totally hot anyway!”
Lo and behold, somehow Pete BadApple’s report and email wind up in the hands of an EEOC lawyer and the local and federal law authorities that investigate child pornography. BigCompany now has a Big Problem.
Even if Pete BadApple was Pete GoodApple, the mere public web search may have brought up information that although public, should not be part of the vetting process. Pete BadApple should not have included Sarah Genius’s medical-condition support group memberships in his report. This information violates the law. The other concern is that every company has a Pete BadApple. Even Pete GoodApple can “turn bad” when faced with potentially money-making information about an applicant. Why put your employees in that situation and your company at risk?
Nowhere in this process should private interactions come into public view. When you vet a person’s background, you should worry only about what the public can see about that person. Of course, password protection and site security aren’t foolproof and one day private information may become public (although this is a very rare occurrence); we can understand why BigCompany wants to make sure Sarah Genius isn’t a closet freak. But just because the Internet makes it more possible than ever to vet out a person’s background, it doesn’t mean an employer should. Employers got along just fine before Facebook. BigCompany can better predict Sarah’s future performance by looking at her past performance than they can aptly predict her performance based on her private web page. In fact, Sarah’s private web persona is most likely very different than her work or everyday persona. If employers make assumptions based on the content of Facebook Walls, they will be likely passing up qualified candidate after qualified candidate (this is especially true when the hiring manager is a Boomer and the applicant is from Gen X or Y).
An applicant’s privacy is better left intact. If you are an employer, rely on the old-fashioned vetting methods like a credit check and recommendations, and add a regular web search of public pages. Ignore memberships in any public support groups or forums. Keep your company free of legal and civil complications.
What do you think? Have you run into a situation at work where someone’s online privacy was violated? Heard of any lawsuits about this type of thing? Let’s discuss in the comments.